France’s Foreign Ministry has accused Russian military intelligence of being behind cyber attacks that have been targeting French ministries, defence firms and think tanks over the years. Paris drew on its own intelligence findings and flagged the GRU intelligence APT28 unit based in Rostov-on-Don in southern Russia as being responsible for attacks on France as far back as 2015. Back then, TV5 Monde was taken off air because of a purported hack by Islamic State militants. French authorities say the APT28 unit was responsible for that hack, and another was during the 2017 presidential election when emails linked to Emmanuel Macron’s campaign were leaked, mixed with disinformation.
According to France’s National Cybersecurity Agency (ANSSI), APT28 has been attempting to gain access to strategic intelligence from entities across Europe and North America. The government’s decision to go public was motivated in part, officials said, to keep people informed at a time of political uncertainty and because of Russia’s war in Ukraine. The Russian embassy has yet to respond to media requests for comment.
Citing the increasing number of attacks on French ministries, local administrations, defence companies, aerospace firms, think tanks and entities in the financial and economic sector last year, ANSSI declared that the most recent attack attributed to APT28 was in December. All told, some 4,000 cyber attacks were linked to Russian actors in 2024, 15% more than in 2023.
“These activities are unacceptable and unworthy of a permanent member of the United Nations Security Council“, the foreign ministry said, noting that France, with its partners, “is determined to use all means at its disposal to anticipate, deter and respond to Russia’s malicious behaviour in cyberspace”.
❝For several years the Russian military intelligence service (GRU) has been deploying a cyber-attack group called APT28 against France. It has targeted about 10 French entities since 2021. In cyberspace, France is observing, blocking and combating its foes,❞ highlighted Jean-Noël Barrot, Minister for Europe and Foreign Affairs.
Hacking experts claim that APT28 has been active worldwide since at least 2004, mostly in cyberespionage activities. In May last year, Germany accused APT28 of having launched cyber attacks on its defence and aerospace firms and its ruling political party, in addition to targeting other countries. Russia’s embassy in Berlin rejected the accusations at the time as “another unfriendly step aimed at inciting anti-Russian sentiments in Germany.”
